Posted
by
Soulskill
on Wednesday October 10, 2012 @04:03PM
from the not-going-to-spark-world-war-3 dept.

itwbennett writes "ICANN wants to store more data (including credit card information) about domain name registrations in its Whois database, wants to hold on to that data for two years after registration ends, and wants to force registrant contact information to be re-verified annually — moves that are applauded by David Vladeck, director of the FTC's Bureau of Consumer Protection. The E.U.'s Article 29 Working Group is markedly less enthusiastic, saying ICANN's plans trample on citizens' right to privacy."

Gandi [gandi.net] includes private whois with all registrations. There are a number of other registrars who will do it for a fee.

(Solely in my opinion) you should stay away from GoDaddy though. They charge $20 every time they discover that your whois information is fake, probably to get you to buy their private registration service. Instead, I transferred all my domains to Gandi. Everybody wins, right?

That makes no sense, because many people can and routinely do send e-mail from the same domain.

This move is fairly directly contrary to the basic rules of privacy in the EU, and after the negative press that European governments have had over things like airline passenger and banking information recently, I don't see this getting very far. There's no compelling "fear the terrorists" or "catch the tax evaders" kind of argument with popular appeal here. The US authorities have no need to know my credit card number, and certainly no need to keep it for years, assuming it's even still valid by that time.

Actually, neither the right to privacy (unless you count 'secure in your person' in the 4th amendment) nor the right to not get spam are defined.. given a choice, I'd rather get spam than lose my privacy..and if marketing was opt in in the first place, spam would hardly be a problem in the first place.

Because lots of blacklists of various types frown on domains that use those services, as they're often used by spammers and fraudsters. Hope you're not hosting a site or sending mail from that domain with the expectation that everyone will be able to see / receive it without trouble.

Because Slashdot is forever banging on about how ICANN is great and the UN is threatening to take over the internet and should be stopped at all costs. About the fourteenth hilariously inaccurate article along these lines was posted earlier today.

Not good enough. I want the UN completely dismantled and eliminated! The idea of a "UN" sounds nice, but now it's just a "StarWars Bar Scene" full of corrupt bureaucrats. It's like a form of democracy that votes in favor of tyranny. Freedom at the lowest common denominator.

What's to stop companies from continuing the "private registration" feature that they already offer (often for a significant fee) to hide the domain owners name, address and other personal details? If the "owner" of the domain has to have their real contact info on file with the domain, then for customers that want to remain private GoDaddy and other registrars can "own" the domain with a contract giving exclusive use of the domain to whoever paid for the domain.

I personally don't mind having legitimate data associated to domains I own, but I don't like that my name, address, phone number, and email address is visible to everyone. I don't really think ICANN needs my credit card number, but it seems like just making only, say, the name, available publicly would be a better first step.

Why would you store credit card information in WHOIS? I already get mail from registrars wanting me to "renew" my domains (read Transfer them to them) for a "reduced rate" of $30 (I pay $12 a year). If the credit card information was in there as well, what would stop shady organizations from using that information for other scams? WHOIS certainly doesn't keep my physical address safe from scammers.

There is no need at all to have a credit card associated with a domain. For example, I don't pay for my.org domain by credit card. In fact, here in the Netherlands a lot of people don't even have a credit card, since we have other payment systems that are cheaper and buying stuff on credit is not as common as in the US or UK.

Why would you store credit card information in WHOIS? I already get mail from registrars wanting me to "renew" my domains (read Transfer them to them) for a "reduced rate" of $30 (I pay $12 a year).

This is just another intentionally misleading headline. Card data is not going into whois.

The issue is requiring registrars to hang on to CC data so that governments would be able to "lawfully" request from the registrar if that registrar is operating within jurisdiction of said goverment.

Rather than addressing data retention standards with legislation as decided by each countries government...such as thru a billing passed by congress and signed by the president they are essentially attempting an end run around democractic process to get a desired outcome.

None if it is defensible...both ICANN and FTC are in the wrong regardless of what you feel about the issue of data retention.

ICANN doesn't give a rat's ass about the validity of data in WHOIS, and hasn't for a long time. Someone (perhaps in law enforcement?) probably put a little pressure on them something recently and now they are putting on a show. It will blow over soon enough and we'll be back to business as usual, with ever-increasingly-more-meaningless WHOIS data.

From my own experience I would say at least 80% of the records I have looked up in the past several months for extant domain names have had obfuscated information, protected by registrars who don't give a damn that their customers are conducting illegal activities (fraud, selling drugs, selling pirated software, sending spam, etc) through the domains that they sold them. ICANN doesn't give a shit about "protected" obfuscated domain names, and doesn't care about ones with blatantly false data, either.

ICANN just wants to make money. They'll either find a way to make more money with this, or - more likely - they will give it up once the pressure is off.

ICANN doesn't give a rat's ass about the validity of data in WHOIS, and hasn't for a long time. Someone (perhaps in law enforcement?) probably put a little pressure on them something recently and now they are putting on a show.

Not law enforcement - they don't really care because if they need to, they can just ask and most registrars will just gladly hand it over. May take a warrant or so.

No, this would be for those who want that information but cannot obtain it like that - think the **AAs for that. Find a d

Not law enforcement - they don't really care because if they need to, they can just ask and most registrars will just gladly hand it over. May take a warrant or so.

I disagree with you on this one. Registrars don't fear warrants from law enforcement in most cases, because in most cases the registrars who sell domains to people who are out to do things that violate (for example) US laws will be set up in countries where such laws do not exist. If the registrar is located in, say, China, and the warrant comes from the US, it goes right into the trash. Interpol doesn't give a damn either, they have bigger fish to fry.

But isn't it technically possible for people to set up a free DNS or functionally equivalent service of their own, without any government or private regulations, and without necessarily charging [exorbitant] fees to use it? Everything else related to the web is open source...

I love ICANN.. They require real contact information be stored in a public database or else your domain can be taken and resold and oh by the way registrars get to charge extra just to keep your identity in the public database safe.

All they are doing to address the sespool of automated domain capture, phishing and extortion activities upon expiration is truely amazing and inspiring.

I'm having trouble finding the words to express my appreciation for their infinite TLD program which has opened up new and exci

This answers why EU wants less control of USA over the internet.
EU cares (more) about privacy that USA.

Privacy on the internet? You can't be serious.... If you expect privacy on the internet you are fooling yourself. Data passes though too many hands and too many servers and too many countries to remain private every time you expect it. You can encrypt the payloads and use proxies to make it hard to track you, but the information is still bouncing around out there and somebody could, if they wanted too bad enough, find you or decrypt your data.

Credit cards are fundamentally insecure (the fact you can get money off one by merely knowing the number on the front and the expiry date and a couple of other trivially easy to find bits of information - all of which will be in the whois database). ICANN should think hard - do they really want to be held responsible when the inevitable breach occurs? Do they really want to have to implement PCI-DSS for the networks and systems holding whois data? The decision to hold credit card data in whois is likely to

If you really don't want to give up all this data to the whois directory, just forgo having a domain... Simple as that.

If you really *must* have a domain and you are worried about privacy, prepaid credit cards, prepaid phones, a P.O. box and throw away E-mail account are pretty easy to obtain these days, but that is only necessary if you don't trust who you buy the domain from and they refuse to be the whois contacts for you.

If anybody really is still worried about their privacy, I'll be happy to proxy th

If you really don't want to give up all this data to the whois directory, just forgo having a domain... Simple as that

Or alternatively, use a registrar in Europe. Not proof against a warrant. That is fine. Just a little less of my info where the spammers MAFIAA and other criminal organisations can easily see it. No doubt, there is still plenty out there but "every little helps".